Phishing Reporter Add-In
Phishing Reporter helps users to report the suspicious email for analysis and start an incident investigation with Incident Responder.
To run phishing reporter add-in, make sure you have all pre-requisites of Visual Studio 2010 Tools for Office Runtime.
The main function of Phishing Reporter is to make users easily report suspicious emails to their incident responder. When a user detects a suspicious email by clicking on the Suspicious Email Reporter button, he/she reports it to the incident responder module for analysis. Then, the platform investigates this suspicious email either by its own engine or with third-party integrated services. Click to see “ How does an investigation mechanism work?”
Benefits to the security operation centre (SOC)
It gives the ability to conduct an incident investigation and response without violating the privacy of users.
It strengthens the last line of defence by transforming users into “proactive agents” that detect and report attacks.[1]
Benefits to an email user
Users report suspicious an email with a single click.
It allows a user to send a suspicious email to analysis services and get a risk score.
Users receive immediate feedback.
[1] It is a way of proactively involving users to protect the institution’s security by getting employees to report suspicious emails.
Compatability
This outlook add-in compatible with the below version of Outlook
Application | Version | Support |
Microsoft Windows | Compatible | |
Outlook 2010 | Compatible | |
Outlook 2013 | Compatible | |
Outlook 2016 | Compatible | |
Microsoft Exchange & OWA | Compatible | |
Microsoft Outlook on iPhone | Compatible | |
Microsoft Outlook on Android | Compatible | |
Microsoft Outlook on Mac | Compatible | |
Google G-Suite | Compatible |
How Does the Add-in Work?
In Outlook, where the add-in is installed, the working principle works as follows:
When add-in opened:
a. Sends a heartbeat to server
b. Get order from the server, if there was an investigation or action
When add-in runs:
a. Sends the heartbeat to the server in periodic time [1]
b. If any order comes from the server, then start to do this investigation or action [2]
c. If an error occurred then it logs it to the client-side then send it to our server
When outlook closes itself, then add-in close:
[1] The add-in optimizes this process according to network and machine performance by itself.
[2] When conducting the investigation, the add-in optimizes this process according to the computer and the network situation.
Logging Mechanism
The platform's Add-in logs all problems and reports both of user’s computer (C:\Users\Public\KeepnetLabs\Log) and keepnet server.
In order to resolve the problem, please check the logs.
Older Logs: Add-in compresses and archives older logs in .zip format bigger than 8MB
Installer: Add-in keeps the logs that appeared during the installation.
Keepnet Outlook Add-in Log: The log file that keeps the logs created when add-in functions.
Minimum Computer Specifications
Outlook Versions: Outlook 2007/2010/2013/2016
CPU Usage: 0% to 5% of CPU
RAM Usage: 120~ MB of RAM
Disk Usage: 3MB disk space
Network Traffic: payload size + http requests size = Approx. 230kbps
Generating Add-in
To get the most up-to-date version of the plugin, you can access the Incident Response> Outlook Plugin page from the Keepnet cloud interface. You can create an add-in as you like in the following criteria.
Customization
When you have logged in to the Platform, the Outlook Add-in menu helps you prepare custom plugins.
Item | Description |
Add-In Name | The name you would like to give your Add-in |
Brand Name | Brand name of the Add-in you would like to give |
Send Suspicious Emails To | The email address suspicious email will be delivered |
Suspicious Subject and Content | Notification message about Suspicious Subject and Content |
Thank You Message | Thank You Message content |
Delete Message | Delete Message content |
Warning Label | Warning Label content |
Add-In Logo | Put a logo for your Add-In |
Other Optional Features | |
Reporting | Report the suspicious email to the server (it’s activated by default) |
Move it to the spam box | Move the suspicious email to the spam box |
Delete original email | Delete the original email content |
Track user actions | Log user’s actions (beta) |
Investigate email from user’s inbox | Action to analyse suspicious content from user inbox |
Send a copy of the email to us | Bend the copy of suspicious content to Keepnet Labs |
Proxy Settings | The feature to be used if the proxy server support is desired |
On-Premise Settings | The values to create their own custom plugin need to be defined by firms that use on-premise. |
Phishing Reporter Announcement Email Template
To inform your users about the Phishing Reporter Outlook add-in, you can use the following text.
Dear …. Team, We are happy to announce to you the new outlook function: “Suspicious (Phishing) E-mail Reporter”. This Outlook add-in will help you to easily and instantly report suspicious emails to Information Security Team for analysis. Please read the instructions below to understand how to use this add-on. What is Phishing Reporter add-in? Phishing Reporter add-on is a button placed on Microsoft Outlook’s menu bar under the “Home” tab. This button will enable you to report suspicious email to us. It will also give us the opportunity to timely identify email-borne cyber-threats and take certain actions at the system level before any damage occurs. What will the add-on bring?
A Sample Usage
|
Last updated
